CVE-2014-3070

critical

Description

The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/93777

http://www.securityfocus.com/bid/69296

http://www-01.ibm.com/support/docview.wss?uid=swg21681249

http://www-01.ibm.com/support/docview.wss?uid=swg1PI16765

Details

Source: Mitre, NVD

Published: 2014-08-22

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical